Summary
Overview
Work History
Education
Skills
Hobbies and interests
Timeline
Generic

Muhammad Affan Habib Khan

Warrington

Summary

Cybersecurity Delivery Engineer specialising in high-assurance OT, ICS, DCS, Triconex, Foxboro, and SCADA environments, with hands-on expertise in delivering secure, compliant, and operationally resilient cybersecurity architectures for critical infrastructure. Strong technical command of Trellix ePO, Trellix Application Control/Solidcore, endpoint security, industrial firewalling, network segmentation, Active Directory, Group Policy, iDMZ infrastructure, Veritas backup technologies, and IEC 62443-aligned delivery.

Experienced in leading cybersecurity implementation across the full project lifecycle, from technical design, customer workshops, and pre-sales support through deployment, FAT/SAT execution, compliance audits, documentation approval, and site acceptance. Known for implementing strict security controls in live OT environments, including application whitelisting, role-based access, hardened endpoint policies, controlled data transfer, backup strategy, and resilient file replication alternatives.

A technically sharp and delivery-focused engineer with the ability to translate complex cybersecurity requirements into robust engineering outcomes. Brings a rare combination of OT domain knowledge, hands-on security implementation, troubleshooting depth, compliance awareness, and customer-facing professionalism required for high-value cybersecurity delivery roles.

Overview

3
3
years of professional experience

Work History

Cybersecurity Delivery Engineer

Schneider Electric
09.2024 - Current
  • Delivered cybersecurity solutions across complex OT/ICS environments, including Foxboro DCS, Triconex safety systems, and SCADA architectures, ensuring secure implementation, customer requirement traceability, and alignment with internal engineering standards and IEC 62443 principles.
  • Architected and deployed Purdue Model-aligned OT network security designs using industrial Fortinet and Tofino firewalls, FortiSwitch and Extreme switching infrastructure, segmented security zones, and restrictive firewall rule sets, subsequently reducing attack surface and strengthening defence-in-depth across critical industrial environments.
  • Executed VLAN migrations across a live hydro site comprising 100+ OT assets, ensuring controlled segmentation changes, service continuity, and minimal disruption to critical production operations.
  • Served as the Trellix ePO Subject Matter Expert (SME), owning deployment, configuration, policy administration, repository management, troubleshooting, Data Loss Prevention (DLP) and endpoint security operations across complex customer environments.
  • Led Trellix Application Control/Solidcore deployments across multiple customer OT environments, implementing strict allowlisting controls to prevent unauthorised execution while preserving the approved executables, scripts, libraries, and system files required for site operation.
  • Owned Active Directory security configuration across OT/ICS environments, managing role-based access control, user permissions, domain policies, and Group Policy modifications to support customer-specific operational requirements while preserving secure access, policy integrity, and system stability.
  • Owned the maintenance and security governance of local and remote delivery-site iDMZ infrastructure, ensuring availability, controlled connectivity, secure data exchange, and operational readiness through monthly deployment of smoke-tested Windows Updates, Active Directory audits, and staging-area access reviews to minimise vulnerability exposure, enforce least-privilege access, and reduce lateral movement risk across the staging environments.
  • Performed advanced troubleshooting of networks and cybersecurity incidents using Wireshark packet capture analysis, protocol-level diagnostics, firewall and endpoint telemetry, and Extreme IQ monitoring to isolate root cause, resolve security and connectivity faults, and maintain stable industrial communications.
  • Led FAT and SAT delivery for integrated cybersecurity solutions supporting OT environments, and Data Centre Building Management Systems (BMS), validating functional performance, security control effectiveness, secure system integration, and customer acceptance criteria prior to operational handover.
  • Governed the review and approval of technical documentation, including functional specifications, test procedures, support documentation, cybersecurity hardening records, and compliance evidence, ensuring accuracy, traceability, and alignment with project security and delivery requirements.
  • Architected OT backup and recovery strategies using Veritas/Arctera-based solutions, incorporating risk-based backup scheduling, restore-readiness validation, least-privilege NAS access controls, and resilient RAID configurations to improve recoverability, protect critical system data, and support business continuity.
  • Engineered and deployed Robocopy-based file transfer automation across a customer environment spanning 10 sites and 2 data centres, delivering a resilient alternative to DFS Replication for controlled transfer of alarms, trends, user exports, system reports, and authorised files between IT and air-gapped SCADA environments whilst maintaining stringent access controls.
  • Contributed to pre-sales engagements and customer workshops by translating OT cybersecurity requirements into technically robust solution designs, clearly defined delivery scopes, and practical implementation strategies aligned with customer operational and security objectives.

Graduate Process Automation - Cyber Specialist

Schneider Electric
09.2023 - 09.2024
  • Owned DQP-50 audit execution across delivery sites, validating IEC 62443 compliance, cybersecurity control implementation, and technical documentation evidence required to support TÜV certification readiness.
  • Incident Response Trainning
  • DCS Day 0s

Education

Bachelor of Science - Software Engineering

York St John University
York
01-2023

International Baccalaureate (IB) -

International School of London, Qatar
Doha, Qatar
01-2020

Skills

  • Cybersecurity architecture (IEC 62443)
  • Network security and segmentation
  • Firewall configuration
  • Endpoint protection
  • Incident response
  • Security compliance
  • Risk management
  • Log analysis
  • Windows Active Directory
  • Programming
  • Technical documentation
  • Customer engagement

Hobbies and interests

  • Investing and Trading
  • Fitness and Boxing
  • Global Politics

Timeline

Cybersecurity Delivery Engineer

Schneider Electric
09.2024 - Current

Graduate Process Automation - Cyber Specialist

Schneider Electric
09.2023 - 09.2024

Bachelor of Science - Software Engineering

York St John University

International Baccalaureate (IB) -

International School of London, Qatar
Muhammad Affan Habib Khan